Manage user access to buckets


Edit the bucket to modify the list users with access to the bucket and specify their permissions.

User and group permissions can be granted when the bucket is created or as needed later. You can also modify the bucket capacity and QoS policy group assignment.

You must have already created users or groups before granting permissions.

In ONTAP 9.9.1 and later releases, if you plan to support AWS client object tagging functionality with the ONTAP S3 server, the actions GetObjectTagging, PutObjectTagging, and DeleteObjectTagging need to be allowed using the bucket or group policies.

  1. Edit the bucket: click Storage > Buckets, click the desired bucket, and then click Edit.
    When adding or modifying permissions, you can specify the following parameters:

    • Principal: the user or group to whom access is granted.

    • Effect: allows or denies access to a user or group.

    • Actions: permissible actions in the bucket for a given user or group.

    • Resources: paths and names of objects within the bucket for which access is granted or denied.

      The defaults bucketname and bucketname/* grant access to all objects in the bucket. You can also grant access to single objects; for example, bucketname/*_readme.txt.

    • Conditions (optional): expressions that are evaluated when access is attempted. For example, you can specify a list of IP addresses for which access will be allowed or denied.